This blog is largely deprecated, but is being preserved here for
historical interest. Check out my index page at adamfields.com for more up-to-date
info. My main trade is technology strategy,
process/project management, and performance optimization consulting,
with a focus on enterprise and open source CMS and related
technologies. I write periodic long pieces here, shorter stuff goes
on twitter or app.net.

8/1/2005

As some of you know, on September 11, 2001, I lived one block north of Battery Park, at 21 West Street. (Ironic popup tag provided courtesy of Google Maps.) When I was forced to leave for thirteen days while the smoke cleared, I had little time to grab anything. I left without my computers, without my original installation discs, and without all of my Product ID stickers. I found myself suddenly without the mechanism to reinstall a number of legally purchased programs that I needed to use for work, and taking a lot of time that could have been better spent wallowing in my own PTSD calling around to various companies to get them to unlock things for me.

There were stories of rescue workers hampered by license management, and that’s when I knew.

The world is dangerous, and sometimes emergencies happen. While people can say “hey, maybe we should make an exception here, because there are extenuating circumstances”, computers just don’t care about that. We are backing ourselves into a restricted corner, and a dangerous one, where computers call the shots, even in the midst of crisis, even in the midst of rational exceptions. Granted, every case is not this extreme. Hopefully, the future will be without another like it in my immediate vicinity. But the trend to pre-emptively lock down everything by default scares me.

As we evolve towards tighter and tighter controls without any possibility for exception, what happens when those granting agencies stop granting? What happens when companies that issue DRM go bankrupt? What happens if they’re unreachable? What happens if they simply decide to stop supporting their framework?

As my high school calculus teacher used to say – “it’s always easier to ask forgiveness than to ask permission”. Security is many tradeoffs, and if you restrict legitimate uses in the name of preventing illegitimate ones, you’ve cut off part of the point of having security in the first place. If you restrict legitimate uses without even preventing the illegitimate ones, you’re wasting your customers’ time, and you’re part of the problem.